Package: busybox
Version: 1:1.19.3-7
Severity: important
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu quantal ubuntu-patch

Hi guys,

In merging the latest version of the busybox package into Ubuntu for the newly-opened quantal, I noticed that the package was not applying hardening flags from dpkg-buildflags. As building with hardening enabled is a release goal for wheezy, I would encourage you to apply the attached patch.

Note that this also turns on V=1 when building, without which it's rather difficult to see from the logs what flags are being passed at all. Verbose package build logs by default are definitely best practice so that it's possible to do analysis of this kind of thing against buildd.debian.org.

Thanks for considering the patch.

--
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org

=== modified file 'debian/rules' --- debian/rules 2012-04-12 12:15:43 +0000 +++ debian/rules 2012-05-01 00:54:23 +0000 @@ -15,6 +15,11 @@ export CROSS_COMPILE = $(DEB_HOST_GNU_TYPE)- endif +export CFLAGS := $(shell dpkg-buildflags --get CFLAGS) +export LDFLAGS := $(shell dpkg-buildflags --get LDFLAGS) +export CPPFLAGS := $(shell dpkg-buildflags --get CPPFLAGS) +CFLAGS := $(filter-out -Werror=format-security,$(CFLAGS)) + build: build-arch build-indep build-indep: @@ -65,7 +70,7 @@ $(BUILD_DIR)/%/.built: DIR = $(BUILD_DIR)/$* $(BUILD_DIR)/%/.built: $(BUILD_DIR)/%/.setup dh_testdir - $(MAKE) -C '$(DIR)' SKIP_STRIP=y install docs/busybox.1 BB_EXTRA_VERSION="$(VENDOR) $(VERSION_DEBIAN)" + $(MAKE) -C '$(DIR)' V=1 SKIP_STRIP=y install docs/busybox.1 BB_EXTRA_VERSION="$(VENDOR) $(VERSION_DEBIAN)" touch $@ clean:
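
Review bot: In the first debian/rules hunk (@@ -15,6 +15,11 @@), the line `CFLAGS := $(filter-out -Werror=format-security,$(CFLAGS))` removes one of the flags that the three dpkg-buildflags lines above it have just imported, and nothing in the hunk records why. With the filter in place the build will no longer fail on a format-string problem, so the exception should be justified where it is made: add a comment above the filter-out naming what in busybox fails to compile under -Werror=format-security, so the line can be dropped once that code is fixed, or fix the offending calls and keep the flag.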
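
Review bot: In the second debian/rules hunk (@@ -65,7 +70,7 @@), V=1 is hard-coded into the single $(MAKE) -C '$(DIR)' call of the .built rule, so only that install step is made verbose; the .setup prerequisite named in the same rule lies outside this diff and is not changed by it. If the aim is a log that shows the hardening flags for the whole build, define the verbosity once as a variable next to the new CFLAGS/LDFLAGS/CPPFLAGS exports and pass it to every $(MAKE) invocation in the file, which also leaves one place to switch it off.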